Hi,
I'm looking to setup an SSE push event hub following the documentation provided for this asset here. Regarding the section about implementing authentication, the docs state the following:
Authentication can be implemented by passing a bearer token together with the URL, and implementing the Auth mechanism normally as you would with any REST Expose API. There are several strategies to accomplish this, via api-keys, or jwt.
However on the client side the SSEEventListener block doesn't provide any additional fields for passing request headers/credentials, only the field for the SSESubscribeURL:
Is there a way to pass basic authentication credentials through a bearer token simply via this URL field, or am I missing something? Would appreciate any further guidance, thank you!
Regards,
Matthew
Hi Mattew,
You are right, I'm sorry if the docs were mis-leading, I already corrected them.
The EventSource API does not, at the moment, support adding headers to the initial client-server request thus voiding a normal Bearer / Basic Auth request.
As a work-around, authentication can be implemented by passing a token together with the URL as a parameter, and validating it either on the onRequest hook or with the custom onAuthentication hook, always using SSL.
The above is not perfect, and I am looking for other strategies to implement this. There are some polyfills around that I could use (I didn't really like any of them because they were very intrusive) and this idea of using the Fetch() Api with support for Evergreen Browsers that I really like, but needs more time.
Please check the new SSE Reactive and Traditional libs and example apps that you can use with the SSE Hub.
They provide Microsoft's Fetch Event Source implementation that allows for custom Http Headers to be passed.